from the um... dept

A couple weeks back, we wrote about a ridiculous and massively overbroad demand from the IRS that virtual currency exchange/online wallet host Coinbase turn over basically all info on basically all Coinbase users. They did this because they saw evidence of a single person using Bitcoin to avoid paying taxes. Coinbase expressed concern over this, but Judge Jacqueline Scott Corley didn't seem too concerned, and has granted the IRS's request by literally rubber stamping the DOJ's request. I know it's not all that uncommon for judges to accept "proposed orders" but it's still a bit disturbing to see it happen on something with potentially massive consequences.

Coinbase has indicated that they're going to push back on this legally, but it's still quite unfortunate that the judge didn't seem all that concerned about this. While Coinbase says it expected the court to grant this order, and that "we look forward to opposing the DOJ's request in court," it's unfortunate how quick judges are to agree to these kinds of orders. Either way, this is going to be a case to follow.

from the slow-down,-skippy dept

There have always been questions about the tax implications of cryptocurrencies like Bitcoin. A few years ago, the IRS came out with some guidelines, declaring cryptocurrencies to be property, rather than currency, and then taxed more like equity. But late last week, the IRS went to court to basically demand Coinbase turn over all info it has on everyone. Coinbase is one of, if not the, leading online cryptocurrency exchanges and places where many people store their cryptocurrency in an online wallet. It's a company that has bent over backwards to comply with the laws. But, no matter, the IRS basically thinks everyone who uses it is a tax cheat. Here's what the IRS demanded:

All records of account/wallet/vault activity including transaction logs or other records identifying the date, amount, and type of transaction (purchase/sale/exchange), the post transaction balance, the names or other identifiers of counterparties to the transaction; requests or instructions to send or receive bitcoin; and, where counterparties transact through their own Coinbase accounts/wallets/vaults, all available information identifying the users of such accounts and their contact information.

Uh, yeah, that's not very limited. It's not limited at all. The IRS literally wants everything. Why? Because, according to the IRS, it's investigating one single tax cheat. In a declaration, IRS agent David Utzke, talks about a single tax cheat, and says this gives him a basis for requesting all info.

After using a traditional abusive offshore arrangement for approximately 5 years,
Taxpayer 1 became fatigued with the effort required to manage his offshore accounts, attorneys, and
applicable regulations, and discovered virtual currency while conducting internet research on the topic.
Taxpayer 1 began testing the use of virtual currency and eventually abandoned the use of his offshore
structure. Taxpayer 1 was able to use virtual currency to repatriate his assets without governmental
detection.

For example, Taxpayer 1 originally worked with a foreign promoter who set up a
controlled foreign shell company which diverted his income to a foreign brokerage account, then to a
foreign bank account, and lastly back to Taxpayer 1 through the use of an automated teller machine
(ATM). Once Taxpayer 1 abandoned the use of his offshore structure in favor of using virtual currency,
the steps described above were the same until his income reached his foreign bank account. Once there,
instead of repatriating his income from an ATM in the form of cash, Taxpayer 1 diverted his income to a
bank which works with a virtual currency exchanger to convert his income to virtual currency. Once
converted to virtual currency, Taxpayer 1’s income was placed into a virtual currency account until
Taxpayer 1 used it to purchase goods and services. Taxpayer 1 failed to report this income to the IRS.

Utzke also mentions two other taxpayers, which were companies, not individuals, but which used Coinbase. He notes that others are laundering money and thus likely to be using cryptocurrencies. That may be true, but it seems like a pretty big stretch to argue that means Coinbase should cough up all details on all transactions.

In the IRS's memorandum of support, it insists that it's just trying to find all the tax cheats, so it should get to look at all the records.

Since 2009, the use of virtual currency has increased exponentially. Some users value the
relatively high degree of anonymity associated with virtual currency transactions because only a
transaction in virtual currency, such as buying goods or services, is public and not the identities of the
parties to the transaction. Because of that, virtual currency transactions are subject to fewer third-party
reporting requirements than transactions in conventional forms of payment. However, due to this
anonymity and lack of third-party reporting, the IRS is concerned that U.S. taxpayers are underreporting
taxable income from transactions in virtual currencies. Further, because the IRS considers virtual
currencies to be property, United States taxpayers can realize a taxable gain from buying, selling, or
trading in virtual currencies. There is a likelihood that United States taxpayers are failing to properly
determine and report any taxable gain from such transactions.

.... The issuance of
the summons is warranted here because (i) the summons relates to an ascertainable group or class of
persons; (ii) there is a reasonable basis for believing these U.S. taxpayers failed to comply with internal
revenue laws; and (iii) information sufficient to establish these U.S. taxpayers’ identities is not readily
available to the IRS from other sources.

Our customers may be aware that the U.S. government filed a civil petition yesterday in federal court seeking disclosure of all Coinbase U.S. customers' records over a three year period. The government has not alleged any wrongdoing on the part of Coinbase and its petition is predicated on sweeping statements that taxpayers may use virtual currency to evade taxes.

Although Coinbase's general practice is to cooperate with properly targeted law enforcement inquiries, we are extremely concerned with the indiscriminate breadth of the government's request. Our customers’ privacy rights are important to us and our legal team is in the process of examining the government's petition. In its current form, we will oppose the government’s petition in court. We will continue to keep our customers informed on developments in this matter.

What happens here is going to be a big, big deal in the cryptocurrency world. The IRS had to know that this was going to get attention, and perhaps that's the intent. But this seems like a massive overreach.

from the because-fuck-the-4th-amendment,-that's-why dept

Hey, remember last week, when lots of folks were super excited about the US House of Representatives unanimously voting in favor of the Email Privacy Act? They voted 419 to 0. That kinda thing doesn't happen all that often. I mean, sure it happens when condemning ISIS, but they couldn't even make it when trying to put sanctions on North Korea. Basically, something needs to be really, really screwed up to get a unanimous vote in the House. And the Email Privacy Act, which goes a long way (though not far enough) towards fixing ECPA (the Electronic Communications Privacy Act of 1986) that makes it way too easy for the government to snoop on your electronic communications, actually got that unanimous vote.

So it should be moving forward and well on its path to becoming law, right? Right?!? Well... about that. You see, as we'd mentioned in the past, the SEC has been the main voice of opposition to the Email Privacy Act, since it (along with the IRS), kinda like the fact that they can snoop through emails without a warrant. Never mind that it's probably unconstitutional, it makes their jobs so much easier. And, really, isn't that the important thing?

Apparently, Senator Chuck Grassley thinks so. And, hey, bad luck for, well, everyone, because Grassley just happens to be the guy in charge of moving the bill forward on the Senate side. And he's not having any of it right now, claiming that there are "concerns" about the bill:

“Members of this committee on both sides of the aisle have expressed concerns about the details of this reform, and whether it’s balanced to reflect issues raised by law enforcement,” said Sen. Charles Grassley, the chairman of the Senate Judiciary Committee, on Thursday.

Concerns? It didn't seem like anyone in the House was concerned about it because (I should remind you) it passed unanimously. And that's because it's really only making fairly common sense changes to the law to require a warrant (as required by the 4th Amendment) to snoop on emails.

The Securities and Exchange Commission is still fighting a House-passed bill to require law enforcement to get a warrant before obtaining messages from email providers. “[The Email Privacy Act] would create a dangerous digital shelter for fraudsters,” SEC Enforcement Director Andrew Ceresney said in a statement to POLITICO. “The privacy interests the bill addresses can be fully achieved without blocking civil law enforcement agencies like the SEC from obtaining the evidence it needs to protect investors.”

No. Actually, it doesn't create a "digital shelter for fraudsters." That's SEC Enforcement Director Andrew Ceresney lying through his teeth. It just means that the 4th Amendment needs to be obeyed when obtaining emails that are hosted on cloud providers. Just like a warrant is needed to obtain someone's personal papers. It's not creating a digital shelter. It's harmonizing the rules for digital content so they match the rules for physical documents and communications. And, in doing so, protecting the privacy and the very concept of the 4th Amendment.

Either way, all that momentum in the House may be for nothing if the SEC and Grassley get their way.

from the intuit-ive-thinking dept

Yay, it's tax season again! As our American readers will know, this is the wonderful time of year when we scramble to get all of our taxes and deductions paperwork in order, take them to some storefront that looks like a military recruitment center, push all of those papers in front of someone that looks like they just graduated from college, and scream, "You figure it out!" For our foreign readers, I should explain that we do this because our tax code is more complicated than the plot of Game of Thrones, our tax authorities are every bit as ruthless as that same series, and we've collectively allowed our citizens' payment of due obligations to become a for-profit industry. But seriously, though, come to America. It's great. I swear.

Several times in the past, some members of our government have attempted to lessen the burden we bear to pay our taxes. It never seems to work because the industry that makes money off of this tax system -- the tax preparation people and software makers -- lobbies to keep filing free taxes a pain in the ass, directly scaring the public into thinking the government will over-charge them, and then indirectly and unethically having sockpuppets do the same. It's in this way that you have a free-to-file federal tax program that roughly two-thirds of the public would be perfectly qualified to use, instead only being used by 3% of the population. 'Merica!

On Wednesday, the Democratic senator introduced a bill with seven cosponsors, including Democratic presidential candidate Bernie Sanders, seeking to make significant reforms to the Internal Revenue Service (IRS). Under the bill, Americans with simple tax obligations would have the option not to complete a tax return at all, but to instead receive a pre-prepared return from the IRS with their liability or refund already calculated for them. The IRS already gets most employer and bank information on taxpayers’ obligations — such as W2s and interest earned — so all it would have to do is calculate what they would owe for them.

For others with more complex situations — those who want to itemize their deductions or with many dependents who have to provide more information — the bill would direct the IRS to develop a free, online preparation and filing service that would allow everyone to file directly with the government, rather than relying on third party filing services like TurboTax or H&R Block. And taxpayers would be able to download the tax information the IRS already has.

In other words, have the IRS, which will be evaluating these people's returns anyway, simply do all the math for most of the simple tax returns. We're not talking about returns that would legitimately make use of deductions; we're talking about very simple tax returns, which is what most people have filled out by tax preparers or tax software anyway. Now, this is usually where someone will make the obvious point: the government doesn't deserve to be entrusted with this math. And, hey, I take that point seriously. The government has certainly shown its capacity to lie and deceive. But so has the tax-prep industry. Intuit has been guilty of all kinds of underhanded attempts to keep people from being able to file for free. They are proven deceivers, too.

In addition to that, this bill is directly setting its sights on the cozy relationship the IRS has with the tax-prep industry, so anti-governmenters should really think about getting on board with this.

The bill would also prohibit the IRS from entering into agreements that would restrict its ability to provide such free, online services directly to taxpayers. The IRS has signed a number of binding agreements with the tax preparation industry over the years that blocks it from offering free services directly to taxpayers itself, saying that it will “not enter the tax preparation software and e-filing services marketplace” and “not compete” with private service providers. The IRS’ declarations that it won’t enter the tax preparation space fly in the face of what it’s been mandated to do. In 1998, Congress passed a bill requiring the Treasury Department to develop a “return-free” tax system by 2008 for those with simple obligations, computing what those people owe with information the IRS already has. Yet Warren’s office argues that the IRS has instead turned control of the process over to private tax preparation companies.

When a government institution rebukes its public duties in favor of corporate wishes, there's a word for that. And it's that corporate control that will be pushing back on Warren's bill. The tax-prep industry, after all, has spent nearly $30 million in lobbying Congress since the late nineties. We're all about to get a very real lesson on the effect of corporate lobbying on a Congress that is ostensibly designed to serve the public need. I suspect the results will be as instructive as they are ugly.

Part of the solution to this is, of course, a simplified tax code. But it's somewhat strange to see some in favor massive tax reform, including simplifying the tax code, come out against simplifying filing tax returns or eliminating returns entirely.

Yet some anti-tax groups that say they want a simpler tax code have fought against these efforts. Grover Norquist, founder of Americans for Tax Reform, has testified and advocated against a return-free system. Republican presidential candidate Ted Cruz has consistently called to abolish the IRS, rather than get on board with plans to direct the agency to make things easier for taxpayers.

Some of that sentiment is likely coming from a worry that a simplified filing system would lead many people to be less angered by the overall tax system, and thus less interested in more radical reform. And some is likely born of a deep-seeded mistrust of government in general and the IRS in particular. Which, again, I completely understand. But it would be wise for the listeners of those mouthpieces to truly understand what this legislation would accomplish, because it's largely built around eliminating returns for filers with returns so simple that charging to file them is downright silly.

from the bang-up-job dept

Last year, the personal records of 100,000 taxpayers wound up in the hands of criminals, thanks to a flimsy authentication process in the agency's "Get Transcript" application. In short, the IRS used all-too-common static identifiers to verify taxpayer identity (information that could be found anywhere), allowing criminals to use the system to then obtain notably more sensitive taxpayer information and ultimately steal finances. At the time, the IRS breathlessly insisted it would be shoring up its security standards, though it failed to really detail how it would accomplish this.

Tax return fraud has since become a burgeoning industry unto itself, with crooks consistently gaming IRS systems to fool the IRS into sending your money to a criminal's account, something victims only discover when they find their own, legitimate tax returns rejected. To protect these compromised users, the IRS has employed a system wherein it mails these victims a six-digit "Identity Protection (IP) PIN." That pin has been mailed to some 2.7 million victims, and must be entered into the following year's tax return. But not-too-surprisingly, this pin system is also notably easy to game, relying heavily on commonly available user data:

...The trouble with this approach is that the IRS allows IP PIN recipients to retrieve their PIN via the agency’s Web site, after supplying the answers to four easy-to-guess questions from consumer credit bureau Equifax. These so-called knowledge-based authentication (KBA) or “out-of-wallet” questions focus on things such as previous address, loan amounts and dates and can be successfully enumerated with random guessing. In many cases, the answers can be found by consulting free online services, such as Zillow and Facebook.

So yes, that's an agency already hit several times by fraud and internal scandals providing an identity theft tool -- that can be used to help steal your identity. A CPA by the name of Becky Wittrock, who had fallen victim to identity theft in 2014, notes she's now been a repeat victim after thieves impersonated her, then used the IRS's crappy pin system to impersonate her again:

Becky Wittrock, a certified public accountant (CPA) from Sioux Falls, S.D., said she received an IP PIN in 2014 after crooks tried to impersonate her to the IRS. Wittrock said she found out her IP PIN had been compromised by thieves this year after she tried to file her tax return on Feb. 25, 2016. Turns out, the crooks beat her to the punch by more than three weeks, filing a large refund request with the IRS on Feb. 2, 2016. “So, last year I was devastated by this,” Wittrock said, “But this year I’m just pissed.”

After spending more time trying to prove her identity to the IRS than the thief apparently did, Wittrock was told that next year the IRS will be ditching the pin system for a murky system that may rely on users' driver's licenses. Granted, we do seem to enjoy gutting IRS funding, staffing, authority and overall resources, only to complain that the agency sucks at doing its job. Still, that's no excuse for not implementing some fundamental authentication common sense. Meanwhile, the IRS's repeated failures are troubling for a government that's intent on viewing itself as the foremost expert in cyber-warfare and security, yet still can't manage to keep wolves out of its own henhouse.

from the uh...-what-now? dept

Late last night, the NY Times broke a very troubling story. Rather than finally putting an end to Executive Order 12333, it appears that President Obama is going to expand the power of it in dangerous ways. We've written about EO 12333 a bunch of times, but for those of you unfamiliar with it, it's an executive order signed by President Reagan that basically gave the NSA pretty free rein to collect signals intelligence outside of the US. Because it's not (technically) about domestic surveillance, what the NSA does under EO 12333 is not subject to Congressional oversight. That is, Congress is mostly as much in the dark as everyone else is on what the NSA is doing overseas. And, as former State Department official John Napier Tye revealed a couple of years ago, for all the talk of domestic surveillance programs revealed by Ed Snowden, the NSA's real power comes almost entirely from 12333.

And it has no limitations. Napier noted that the other programs -- things like Section 215 (now morphed into whatever the USA FREEDOM Act allows) and Section 702 -- were merely used to "fill in the gaps" not covered by 12333.

And it almost certainly involves both foreign and domestic intelligence. Basically, if any of your data goes outside of US boundaries, the NSA is free to capture it under 12333. Remember those stories of the NSA hacking into datacenters of companies like Google, Yahoo and Microsoft? Those datacenters were in Singapore. And the reason the target was Singapore rather than the US, was because of 12333.

Meanwhile, the NSA likes to insist that it respects the privacy of Americans thanks to its vast minimization program that is supposed to dump inappropriate data on Americans, or in stripping out private information when sharing data with other agencies.

But apparently that's going away. Instead, the White House has plans to let the NSA share data collected under 12333 with other government agencies without any minimization. Basically, whatever the NSA collects overseas might now be freely available to the FBI or Homeland Security or the IRS or the DEA. Doesn't that seem at least somewhat problematic? From the NY Times:

The Obama administration is on the verge of permitting the National Security Agency to share more of the private communications it intercepts with other American intelligence agencies without first applying any privacy protections to them, according to officials familiar with the deliberations.

The change would relax longstanding restrictions on access to the contents of the phone calls and email the security agency vacuums up around the world, including bulk collection of satellite transmissions, communications between foreigners as they cross network switches in the United States, and messages acquired overseas or provided by allies.

The idea is to let more experts across American intelligence gain direct access to unprocessed information, increasing the chances that they will recognize any possible nuggets of value. That also means more officials will be looking at private messages — not only foreigners’ phone calls and emails that have not yet had irrelevant personal information screened out, but also communications to, from, or about Americans that the N.S.A.’s foreign intelligence programs swept in incidentally.

This is crazy. For all the talk of the NSA having access to all of this information, and even a fair number of reports of NSA staff "abuse" of their access to data, in general, the NSA certainly has a reputation for being serious about not allowing any abuse of the data. Other agencies? Not so much. The FBI, CIA, DEA and ATF, for example, have long and colorful histories of abusing data to harass and intimidate people. Giving them much wider access to whatever the NSA slurps up overseas, and then trusting those agencies to handle "minimization" (as is the apparent plan) is downright frightening.

And despite this massive change, the public won't get to weigh in. Instead:

Intelligence officials began working in 2009 on how the technical system and rules would work, Mr. Litt said, eventually consulting the Defense and Justice Departments. This month, the administration briefed the Privacy and Civil Liberties Oversight Board, an independent five-member watchdog panel, seeking input. Before they go into effect, they must be approved by James R. Clapper, the intelligence director; Loretta E. Lynch, the attorney general; and Ashton B. Carter, the defense secretary.

Oh sure. They just need approval from the folks who will benefit most from all of this, and no real discussion with the public who will be impacted by it. What a surprise...

from the no,-WE'LL-decide-how-this-case-is-dimissed dept

The government has made one last attempt to screw over a victim of an IRS bank account seizure. The screwing began in December of 2014, when the IRS -- despite stating it would not perform forfeitures if there was no clear evidence of wrongdoing -- lifted $107,000 from convenience store owner Lyndon McLellan. This was yet another one of the IRS's "structuring" cases, predicated solely on the fact that multiple deposits under $10,000 were made. ($10,000 triggers automatic reporting to the federal government.)

After the IRS announced it would not be pursuing questionable structuring seizures -- thanks mainly to several rounds of negative press -- it still continued to pursue McLellan's case, despite IRS Commissioner John Koskinen telling a Congressional subcommittee that this was exactly the sort of case the IRS would no longer be pursuing.

The prosecutor in charge of McLellan's case was less than enthused about the public discussion of the McLellan "investigation." He claimed the public discussion only made IRS investigators angrier and more likely to act vindictively (I'm paraphrasing) and claimed the "final offer" would only be 50% of the seized funds.

The "final offer" turned out not to be all that "final." The IRS eventually dropped the case and returned all $107,000 to McLellan. However, it did not feel McLellan was entitled to compensation for legal fees because he did not "substantially prevail" in his case against the IRS seizure.

The government's argument against the awarding of fees was basically nothing more than it illustrating how easy it is for it to rig the game. All it takes is a more sympathetic -- or less attentive -- judge.

The government tried to dismiss the case without prejudice, knowing that caselaw would side with it on the denial of fees.

Under CAFRA (Civil Asset Forfeiture Reform Act), a claimant can recover his reasonable attorney fees and litigation costs only if he has "substantially prevailed" in a civil forfeiture proceeding. 28 U.S.C. § 2465(b)(1 ). A number of courts have held that a claimant has not substantially prevailed where the forfeiture proceeding was voluntarily dismissed without prejudice.

[...]

Indeed, this court can find no examples of any court reaching the opposite conclusion. Those courts that have considered the issue primarily rely on the Supreme Court's rationale regarding fee-shifting provisions found in Buckhannon Bd & Care Home,. Inc. v. W Va. Dept of Health & Human Res., 532 U.S. 598 (2001). In Buckhannon, the Court held that prevailing party status requires an "alteration in the legal relationship of the parties." Id at 605. Thus, an enforceable judgment on the merits and a court-ordered consent decree carry the necessary "judicial imprimatur" to convey prevailing party status, while a voluntary change in a party's conduct -- despite being inspired by a lawsuit -- does not.

The government argued in its brief that the case should only be dismissed without prejudice, raising several of its own claims as apparent legal strawmen, but refusing to address the solitary argument raised by McLellan -- that dismissal without prejudice would preclude him from seeking legal fees.

The court, fortunately, repays the government's refusal to address McClellan's sole argument by refusing to entertain its unrelated defense of its "dismissed without prejudice" strategy.

Certainly, the damage inflicted upon an innocent person or business is immense when, although it has done nothing wrong, its money and property are seized. Congress, acknowledging the harsh realities of civil forfeiture practice, sought to lessen the blow to innocent citizens who have had their property stripped from them by the Government. Through CAFRA, Congress provided for relief in such cases. This court will not discard lightly the right of a citizen to seek the relief Congress has afforded...

[...]

Therefore, a voluntary dismissal without prejudice would likely preclude prevailing party status under CAFRA, depriving Claimants of their right to bring a claim under that statute. Further, the court considers this likelihood of deprivation great enough to constitute a substantial legal prejudice. Accordingly, this action is DISMISSED with prejudice.

Last-minute screwing averted. McLellan has a chance to recover $22,000 in legal fees along with any interest accrued on the $107,000 while in the government's possession. The Institute of Justice, which took on McLellan's case, is hoping this decision will aid them in its battle to recover fees from another questionable IRS seizure.

The Institute Justice is seeking CAFRA compensation in a similar structuring case involving Carole Hinders, an Iowa restaurant owner who got her money back after I.J. took up her cause. The U.S. Court of Appeals for the 8th Circuit will hear oral argument in that case next Tuesday. "The government cannot turn a citizen's life upside down and then walk away as if nothing happened," says Wesley Hottot, an I.J. attorney who is representing Hinders. "Now that Lyndon has been vindicated, we look forward to holding the government to account in Carole's case as well."

Hinders' interest recovery should certainly be larger, if not the legal fees themselves. All told, the IRS seized $315,000 from the owner of a small, cash-only restaurant -- again, based on nothing more than sub-$10,000 deposits that traced back to a wholly legal enterprise.

from the didn't-see-that-coming dept

We've been talking about and asking for ECPA reform for many, many years, and it might finally be moving forward. ECPA is the Electronic Communications Privacy Act, which details how the government can get access to your electronic communications. The law was written in the early 1980s, and as you've probably noticed, we live in a very different world these days as it pertains to electronic communications. One key example: the law says that messages left on a server for more than 180 days are considered abandoned and can be searched without a warrant. That may have made some sense (though, not really) in a client-server era, where everyone downloaded their messages leading to them being deleted from a server, but it makes no sense at all in an era of cloud computing.

The main foes against updating ECPA have been government agencies that have investigatory powers, but not the ability to get a warrant -- mainly the SEC and the IRS, with the SEC being the real stumbling block. The SEC really liked the fact that it could snoop through emails without a warrant. So, even with massive support in Congress, ECPA reform never went anywhere.

So it was a bit surprising to folks this week to see Rep. Bob Goodlatte announce that the Judiciary Committee will now markup the ECPA reform bill, meaning that the bill is moving forward again. It's not entirely clear why it's happening now, but at the very least, it sounds like the SEC's constant protests may no longer be an obstacle. Hopefully it does move forward, and whatever results from the process leads to much stronger privacy protections on electronic communications, such as actually requiring a warrant, like the 4th Amendment says should happen.

from the multiple-layers-of-thievery dept

In late spring of last year, more than 100,000 taxpayers had their personally-identifiable information accessed by criminals. It wasn't a security breach, nor was it accomplished by "hacking." Instead, it was the result of the IRS using common static identifiers to verify accounts -- information that could easily be found elsewhere. These were deployed to access transcripts of taxpayers' filing histories. The transcripts gave criminals the information they were actually seeking: Social Security numbers, birth dates and current addresses.

The IRS promised to be less easily "hacked" going forward. It didn't mention any specific steps it would take. "Protocols" would be "strengthened" and taxpayers known to be compromised (likely a smaller number than those actually compromised) were given the consolation prize of free credit monitoring and a "Sorry about that" letter from the IRS.

In addition, efforts were mounted to further protect taxpayers from identity fraud, which, to date, has produced a study, a "working group" and a press release. This may prove fruitful in the future (actual implementation date still TBA...), but it's too bad the agency couldn't be bothered to escalate its defensive efforts until after catastrophe had already struck. And it does nothing at all for past hurtful efforts made by "helpful" government employees. (via Overlawyered)

Federal officials today announced arrests and charges in a stolen identity tax-refund scheme believed to involve more than $1 million in false claims and run by an IRS employee who was supposed to be assisting taxpayers experiencing problems resulting from identity theft.

A federal grand jury earlier this month indicted NAKEISHA HALL, JIMMIE GOODMAN and ABDULLA COLEMAN for their involvement in a 2008 to 2011 scheme operated out of Birmingham that involved stealing personal identity information from the Internal Revenue Service to create fraudulent tax returns and collecting the stolen refunds…

Hall, having access to taxpayer information as an IRS employee, apparently orchestrated the scheme. Fraudulent tax refunds were routed to prepaid debit cards. These cards were then sent to a variety of fake home addresses set up by the three conspirators -- one of which is already doing time on an unrelated charge.

There you have it. The IRS is unable to protect you from outside threats or inside threats. It's still generally satisfactory when it comes to closing doors on empty barns, though. And, Nakeisha Hall -- tasked with preventing ID theft but instead engaging in it -- transfers to the US Dept. of Irony, joining such luminaries as Air Force chief of Sexual Assault Prevention (arrested for sexual assault) and the Obama administration (whose open government workshop was closed to the public).

from the will-continue-to-investigate-murders-in-its-spare-time dept

Now that it's been a few weeks and we're used to the idea that the IRS has a Stingray device, more information has arrived to put us slightly more ill at ease. Sen. Ron Wyden asked IRS head John Koskinen some pointed questions about the IRS's cell tower spoofer ("WTF?" wasn't one of them) and has received some answers.

The IRS assures Wyden -- and by extension, the American public -- that it only uses them correctly and in a limited fashion through its criminal investigation division.

IRS use of cell-site simulation technology is limited to the federal law enforcement arm of the IRS, our Criminal Investigation division. Only trained law enforcement agents have used cell-site simulation technology, carrying out criminal investigations in accordance with all appropriate federal and state judicial procedures.

The IRS has only one* Stingray at this point, but is acquiring another, because you just can't have enough cell site simulators these days. It will also start obtaining warrants, in accordance with the DOJ's non-legally-binding suggestion that its agencies do so going forward.

*Possibly two -- see Marcy Wheeler's comments towards the end of this post.

But everything it said above about its Stingray use being limited to the IRS's Criminal Investigation division isn't exactly true. It may have sent its agents out to assist other law enforcement agencies with their work, but it did not limit its Stingray usage to its own investigations.

In addition, IRS-CI has used the cell-site simulator to assist in four non-lRS-CI investigations, one other federal and three state investigations. The federal case was a Drug Enforcement Agency (DEA) federal grand jury narcotics investigation, and tracked one cellular device. In this instance, IRS-CI operated the cell-site simulator, based upon the appropriate federal court order obtained by DEA, and followed all applicable laws under the guidance of an Assistant United States Attorney. The three state cases were non-grand jury investigations involving attempted murder, murder, and gun trafficking, and tracked six cellular devices.

So, the IRS sent its Stingray out to assist other agencies with their investigations. It's understandable that the DEA would be aware the IRS had a Stingray in its possession, but the three state investigations were performed by local agencies that somehow knew to ask the IRS if it had a cell site simulator they could borrow.

Even more absurd is the fact that the IRS is in the process of acquiring another cell site simulator. It's not as though it's worn the other one out, as Marcy Wheeler notes.

In other words, over the course of its almost 4 year life, the Stingray has tracked just 44 devices.

That seems to suggest this tracking isn’t just a quick one-off, otherwise they wouldn’t need another device, as they’re currently in the process of getting.

Perhaps however, this is a testament to the obsolescence of these devices. In his response to Wyden, Koskinen doesn’t mention the Stingray IRS bought in 2009, suggesting it may not be in use anymore.

The government is sure blowing through these expensive surveillance toys in quick succession.

If everything adds up (including Daniel Rigmaiden's exposure of the IRS's cell phone tracking efforts in his case), this would be the third device the IRS has purchased -- or at least the third it will have access to. Stingrays aren't cheap and at ~4 deployments a year, it would seemingly make more sense for the IRS to borrow one from another federal agency when it needs one, rather than acting as a small-time Stingray lending library for state agencies.

If Wheeler's other conjecture is accurate -- that these devices need periodic replacement -- then Harris is no different than a host of other tech manufacturers who make planned obsolescence an integral part of the business model.